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INTEGRATING A DEVICE INTO A SECURE NETWORK 

BACKGROUND 

Network authenticators such as intelligent switches and 
access points provide authenticated access control of 
endpoints requesting access to a secure network. Endpoints 
may be devices such as personal computers (PCs), wireless- 
cameras or the like. Typical methods for authentication 
between the network authenticator and the network endpoint 
include mutually authenticating each other to establish a 
secure session based on public keys and secure secrets. 

A hash function is a function that converts an input from 
a typically large domain into an output in a typically smaller 
range. A hash value is a number generated from a string of 
bits using a hash function. The hash value is typically 
substantially smaller than the input string of bits itself, 
and is generated by a formula. Hash functions are used in 
hash tables, cryptography and data processing. 



DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram of a secure network system. 
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FIG. 2 is a flowchart of a process for integrating a 
device into the secure network system. 

FIG. 3 is a flowchart of a process for validating a hash 
value of a public key for a device. 
5 FIG. 4 is a flowchart of a process for challenging a 

secret . 

FIG. 5 is a flowchart of a process for establishing a 
connection between the device and the secure network system. 
FIG. 6 is a block diagram of a computer system on which 
10 the process of FIG. 2 may be implemented. 

DESCRIPTION 

Referring to FIG. 1, a secure network system 10 includes 
a network console 12, an authenticator 14, and a device 16 

15 (i.e., an endpoint) , which attempts to gain access to the 

secure system through the authenticator 14. Authenticator 14 
is used to determine whether device 16 has proper credentials 
to gain access to secure network system 10. Initially, 
authenticator 14 and device 16 communicate with each other 

20 through an unauthenticated channel 18 to determine whether th 
device has the proper credentials; and once the device has 
been authenticated, the authenticator and the device 
communicate through an authenticated channel 20. 
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Network console 12 includes a display 12a and an input 
device 12b (e.g., a keyboard). Network console 12 is a user 
interface that allows a user to interact with authenticator 14 
and device 16. A protocol channel 22 connects authenticator 
5 14 to network console 12. A protocol, used on channel 22, may 
be a self -configuring protocol. The protocol may include 
discovery, eventing or control operations or any combination 
thereof. Eventing includes sending or receiving event 
signals. For example, the protocol may be the Universal Plug 
10 and Play Protocol (UPnP™) . 

Authenticator 14 includes a credential list 32 and a 
public key/private key pair 34 that includes a public key 33 
and a private key 35. Credential list 32 includes public keys 
from other devices not shown that have been previously 
15 authenticated or have been previously added using network 

console 12. The public keys in credential list 32 are used in 
future network access authentications. 

Public key 33 is an identifier of authenticator 14 that 
is recognized by a device for authentication after a 
20 successful introduction process. Public key 33 and private 
key 35 may be generated as part of a manufacturing process. 
In other techniques, public key 33 and private key 35 may be 
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generated when authenticator 14 is powered-on for the first 
time . 

Device 16 includes a credential list 42, a public/private 
key pair 44 (that includes a public key 43 and a private key 

5 45) , a secret 46, a hash value 48 of public key 43 and a label 
49- Public key 43 is an identifier of device 16 that is 
recognized by an authenticator for authentication after a 
successful introduction process. Public key 43 and private 
key 45 may be generated as part of a manufacturing process. 

10 In other embodiments, public key 43 and private key 45 may be 
generated by device 16, either when the device is powered-on 
for the first time or at some other appropriate time. 

Secret 46 includes a human intelligible string. 
Credential list 42 includes public keys from other 

15 authenticators not shown that have been previously 

authenticated or have been previously added by some other 
process . 

Label 49 includes a printed hash value 49a that 
corresponds to hash 48 and a printed secret 49b that 
20 corresponds to secret 46. As will be shown below, printed 
hash 4 9a and printed secret 4 9b are used to mutually 
authenticate device 16 and the network system 10. The printed 
hash 49a is used to validate that the public key 43 sent to 
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network system 10 actually came from device 16, and the 
printed secret 4 9b is used to validate that the network system 
10 is a network with which the device 16 intends to connect. 

Referring to FIG. 2, an exemplary process 50 for 
integrating device 16 into secure network 10 is shown. 
Process 50 initiates 52 a connection between device 16 with 
secure network 10 through unauthenticated channel 18. Process 
50 sends 54 a public key 33 from authenticator 14 to device 
16. Process 50 sends 56 public key 43 from device 16 to 
authenticator 14. A point-to-point protected tunnel may be 
established between device 16 and authenticator 14. 

At authenticator 14, process 50 determines 58 whether 
device public key 43 is on credential list 32 of authenticator 
14. If device public key 43 is not on credential list 32 of 
authenticator 14, process 50 validates the hash value 4 8 by 
sending a key query 60 to network console 12. 

Referring to FIG. 3, an exemplary process for validating 
hash value 48 is executing a process 70. Process 70 displays 
72 on display 12a of network console 12 a hash of public key 
43. Process 70 determines 76 whether hash value 48 received 
from authenticator 14 matches printed hash 4 9a. For example, 
the user at console 12 looks at printed hash 49a on device 16. 
If hash value 48 does not match printed hash 49a, process 70 
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ends. For example, the user terminates the connection 
process. If hash value 48 does match printed hash 49a, 
process 70 indicates 82 a match. For example, the user can 
select an icon (not shown) on network console 12 or send a 

5 message indicating a match. 

Process 70 attempts 86 to negotiate a tunnel using a 
tunnel protocol with device 16 from authenticator 14. The 
tunnel protocol allows authentication between authenticator 14 
and device 16 and the negotiation of an encryption algorithm 

10 and cryptographic keys before an application protocol 

transmits or receives any data. Process 70 accepts 88 the 
session for the authenticator 14 side. Device 16 side of 
process 50 may not yet be complete. 

Referring back to FIG. 2, at device 14, process 50 

15 determines 62 whether authenticator public key 33 is in 

credential list 42. If authenticator public key 33 is not in 
credential list 42, process 50 challenges 64 printed secret 
49b. 

Referring to FIG. 4, an exemplary process 90 for 
20 challenging 90 printed secret 49b is shown. Process 90 

requests 96 printed secret 49b from the secure network 10. 
Process 90 displays 98 directions to find printed secret 49b 
on label 49. Process 90 inputs 100 printed secret 49b into 
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network console 12. For example, the user loads printed 
secret 4 9b into network console 12 using keyboard 12b. 

Process 90 builds 104 a hash of printed secret 4 9b and 
other relevant values. The hash function used to generate the 

5 hash is a function of public key 33, public key 43, printed 
secret 4 9b, and a random number generated from the tunnel 
protocol. Process 90 encrypts 106 with public key 43 received 
from device 16 into a message. Process 90 optionally signs 
108 with private key 35 to generate a signature. Process 90 

10 sends 110 the message to device 16. 

The building of the hash can occur either in network 
console 12 or authenticator 14. If it occurs in network 
console 12, authenticator 14 will forward authenticator 14 
public key 33, device 16 public key 43, and the random number 

15 generated from the protocol tunnel to the network console 12. 
If it occurs in the authenticator 14, the network console 12 
will forward the printed secret 49b to authenticator 14. 
Encrypting 106 of the hash built 104 occurs at the same 
location the hash was built. 

20 Process 90 may check 112 the signature of the message 

using public key 33 received from authenticator 14. Process 
90 decrypts 114 the message using private key 45. 
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Process 90 builds 116 a second hash value of secret 46 
using a hash function based on secret 46, public key 33, 
public key 43 and a randomly generated number from the tunnel 
protocol. Process 90 determines 118 whether the hash value 
5 sent by the authenticator 14 or network console 12 matches the 
hash value generated on the device 16. If the hash values of 
the secrets do not match, process 90 and process 50 end. If 
the hash values of the secrets do match, device 16 will accept 
the session with the authenticator 14. Authenticator 14 side 
10 of process 50 may not yet be complete. 

Referring to FIG. 2, process 50 determines 68 if the 
components, authenticator 14 and device 16, have each 
validated the other component. If one of the components, 
authenticator 14 or device 16, have invalidated the other 
15 component, process 50 ends without connection. For example, 
the protected tunnel is dropped. If both components validate 
the other component, process 50 establishes 120 a connection 
with the secure network through authenticated channel 20. 
Referring to FIG. 5, an exemplary process for 
20 establishing a connection is a process 120. Process 120 

places 122 public key 33 in credential list 42 of device 16 if 
it is not already stored. Process 120 sends 124 a success 
message to authenticator 14. Process 120 places 126 the 
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public key 43 into credential list 32 of authenticator 14 if 
it is not already stored. Process 120 connects 130 device 16 

to network 10. 

FIG. 6 shows a computer 200 for using process 50. 
5 Computer 100 includes a processor 202, a memory 204, and a 
storage medium 206 (e.g., hard disk). Storage medium 206 
stores operating system 210, data storage 212, and computer 
instructions 214 which are executed by processor 202 out of 
memory 204 to perform process 50. 
10 Process 50 is not limited to use with the hardware and 

software of FIG. 6; they may find applicability in any 
computing or processing environment and with any type of 
machine that is capable of running a computer program. 
Process 50 may be implemented in hardware, software, or a 
15 combination of the two. For example, process 50 may be 

implemented in a circuit that includes one or a combination of 
a processor, a memory, programmable logic and logic gates. 
Process 50 may be implemented in computer programs executed on 
programmable computers /machines that each includes a 
20 processor, a storage medium or other article of manufacture 

that is readable by the processor including volatile and non- 
volatile memory and/or storage elements), at least one input 
device, and one or more output devices. Program code may be 
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applied to data entered using an input device to perform 
process 50 and to generate output information. 

Each such program may be implemented in a high level 
procedural or object-oriented programming language to 
5 communicate with a computer system. However, the programs can 
be implemented in assembly or machine language. The language 
may be a compiled or an interpreted language. Each computer 
program may be stored on a storage medium or device e.g., CD- 
ROM, hard disk, or magnetic diskette that is readable by a 
10 general or special purpose programmable computer for 

configuring and operating the computer when the storage medium 
or device is read by the computer to perform process 50. 
Process 50 may also be implemented as one or more machine- 
readable storage media, configured with a computer program(s), 
15 where upon execution, instructions in the computer program (s 
cause a computer to operate in accordance with process 50. 

Process 50 is not limited to the specific embodiments 
described herein. For example, device 16 may be a laptop PC, 
a small-embedded device without a user input/output capability 
20 (such as a digital wireless camera) , a stereo system, a 
speaker, a personal digital assistant and the like. The 
device may be a cellular phone, a modem, a digital player or 
other consumer electronic product. The device may include a 
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display, memory, a processor and circuitry to connect to a 
secure network. 

Authenticator 14 may be located in a centralized network- 
side server. In other embodiments, authenticator 14 may be 
5 located in a hub, switch, or wireless access point as in small 
'server-less' home or small office/home office (SOHO) 
networks . 

In still other embodiments, instead of using a label 49, 
an application may display secret 4 9b and hash value 49a. 
10 In some embodiments, network console 12 may be located on 

the same machine as authenticator 14. This may negate the 
messages sent between network console 12 and authenticator 14. 

Processes 50, 70, 90 and 120 are not limited to the 
specific processing order of FIGS. 2 to 5. Rather, the blocks 
15 of FIGS. 2 to 5 may be re-ordered, as necessary, to achieve 
the results set forth above. 

Other embodiments not described herein are also within 
the scope of the following claims. 
What is claimed is: 
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